Stay Sidekick uses a two-level multi-tenant model: companies (Documentation Index
Fetch the complete documentation index at: https://mintlify.com/sdurutr436/stay-sidekick/llms.txt
Use this file to discover all available pages before exploring further.
empresas) are the top-level tenants, each containing one or more users (usuarios). Superadmins can manage any company and its users. Admins can only manage users within their own company. A company’s max_usuarios limit is enforced at creation time and cannot be exceeded.
Valid user roles are admin and operativo. The first user created for a company is automatically assigned the admin role.
All endpoints require
Authorization: Bearer <token>. POST, PATCH, and DELETE requests also require the X-CSRF-Token header.GET /api/usuarios
Lists all users belonging to the target company, along with the company’s maximum user allowance. Auth required: Yes | Role: admin or superadminSuperadmins can append
?empresa_id=<uuid> to query users from any company. Admins always see their own company’s users only.Query Parameters
(Superadmin only) UUID of the company to query. Ignored for non-superadmin callers.
Response
trueArray of user objects.
Maximum number of users allowed for the company.
Example
POST /api/usuarios
Creates a new user for the target company. A secure temporary password is generated automatically and returned in the response — it must be delivered to the new user out-of-band. The user should change it on first login. Auth required: Yes | Role: admin or superadminRequest
Email address of the new user. Must be a valid email. Max 254 characters. Normalised to lowercase.
Role to assign. One of:
admin, operativo.Response
201 Created
trueThe newly created user object.
Auto-generated temporary password. Show this to the admin creating the account — it will not be retrievable again.
Example
DELETE /api/usuarios/<id>
Permanently deletes a user from the company. A user cannot delete their own account. Auth required: Yes | Role: admin or superadminPath Parameters
UUID of the user to delete.
Response
200 OK — {"ok": true}
404 Not Found — user not found or belongs to a different company.
422 Unprocessable Entity — e.g., attempting to self-delete.
Example
PATCH /api/usuarios/<id>
Changes the role of an existing user. Auth required: Yes | Role: admin or superadminPath Parameters
UUID of the user whose role should change.
Request
New role. One of:
admin, operativo.Response
trueThe updated user object.
Example
PATCH /api/usuarios/<id>/contrasena
Generates and sets a new temporary password for the specified user, overwriting the previous one. Use this when a user is locked out or has forgotten their credentials. Auth required: Yes | Role: admin or superadminPath Parameters
UUID of the user whose password should be reset.
Response
trueThe newly generated temporary password. Display it to the admin immediately.
Example
GET /api/empresas
Lists all active companies on the platform, ordered alphabetically by name. Auth required: Yes | Role: superadminResponse
trueArray of company objects.
Example
POST /api/empresas
Creates a new company tenant. A welcome email is sent to the company’s email address on successful creation. Auth required: Yes | Role: superadminRequest
Company display name. 1–200 characters.
Primary contact email address. Must be unique across all companies.
Response
201 Created
trueThe newly created company object (id, nombre, email).
Example
DELETE /api/empresas/<id>
Permanently deletes a company and all of its associated data in cascade (users, apartments, templates, integrations, etc.). This action is irreversible. Auth required: Yes | Role: superadminPath Parameters
UUID of the company to delete.
Response
200 OK
trueHuman-readable confirmation message.
404 Not Found — company not found.

